Building redundancy on home network
I posted about the home network in multiple other posts in past. I recent time I switched from Microtik SXT Lite 5 to Power Beam PBE-M5-400. This gave me a jump from 16dbi to 25dbi which gives much sharper beam. I also got a harness & climbed BTS myself (after getting permission from the manager) this time to switch gear. I think I can do a better job than wasting time in finding guys from local WISPs to do it. 🙂
Also, Essel Group launched Siti broadband in my home area and they are using DOCSIS. The network is overall fine though initially faced many outages due to fibre cuts here & there. As of now, the connection is reasonably stable. I am paying 860Rs/month ~ $14 for 10Mbps uncapped link which gives me 10Mbps down and 1.5Mbps up. From a price point, it’s an excellent connection to have for redundancy reasons. Now as the connection is stable enough to explore auto-failover. For last few months I took both primary links as well as backup links to the router in the form of tagged VLANs and used to push specific traffic based on source IP (device at home) or destination IP/port combination using policy based routing.
Here both links drop on the TP-Link router which I use as a layer2 switch. I tag both links on different VLANs and carry them to my room over a single cable. TP-link 1043nd flashed with OpenWRT and it allows me to do simple layer 2Â aggregation and maintains 1Gig link with other switch placed in my room.
It’s tricky to do an auto-failover in such static setup where I am not using BGP and hence WAN IP changes when the connection is switched. I use Ubiquity Edge router as core router at home and it comes with the option of “load balancing” features where one can load balance or simply put a secondary interface in failover mode.
Here’s how the config looks like now:
(Note: VLAN10 / routing table1 Â – Primary link and VLAN20 / routing table 2: Secondary link)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
anurag@router01# show protocols static table 1 description "Primary Link" route 0.0.0.0/0 { next-hop $Provider1 - Router { } } [edit] anurag@router01# show protocols static table 2 route 0.0.0.0/0 { next-hop $Provider2 - Router { description "Secondary Link" } } [edit] anurag@router01# |
So this is simply putting two different routing tables in the router besides the main table known as “main”. Next, is the load balancing config:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
anurag@router01# show load-balance group Home-HA-Zone interface eth2.20 { failover-only route { table 2 } route-test { initial-delay 60 interval 5 type { ping { target 150.107.9.54 } } } } interface eth2.10 { route-test { count { failure 6 success 12 } initial-delay 60 interval 5 type { ping { target 62.140.24.49 } } } } lb-local enable [edit] anurag@router01# |
So here I have eth2.20 defined for failover only and it uses routing table 2 while the primary link is eth2.10 which uses the main table. It’s basically sending 6 pings (one in every 5 seconds) and hence if 6/6 fail during 30 seconds long outage, a primary link would be considered dead and traffic will move to secondary link. The further router will keep on trying to ping the defined IP and once there are 12 successful pings (one in every 5 seconds) in a 1min period, it would be assumed live again. New sessions will switch over to primary while existing ones will stick with secondary to avoid outage on them.
Next, load balance config is called on a firewall modify instance:
|
1 2 3 4 5 6 7 8 |
anurag@router01# show firewall modify SOURCE_ROUTE rule 30 action modify description "High Availability on Production LAN" modify { lb-group Home-HA-Zone } [edit] anurag@router01# |
and this “SOURCE_ROUTE” is called on the LAN-facing interface to apply this policy on the interface:
|
1 2 3 4 |
anurag@router01# show interfaces ethernet eth2 vif 2 firewall in modify modify SOURCE_ROUTE [edit] anurag@router01# |
And that’s all about it. It ensures that regular internet usage (not SSH sessions), streaming, Chromecast, etc all can stay live with a maximum impact of 30 seconds in case of the issue on the primary link.
Some misc notes:
- If primary link goes down, IPv6 would be still broken and I have yet to put a script to disable IPv6 on LAN in the case of an outage on the link.
- I noticed Ubnt doesn’t behave well in terms of failover if I do not specify IPv4 test address. It tends to use a test string which was pointed to Amazon CDN (which is fine btw) but as a primary link fails, DNS resolution also fails and devices seem to be re-trying DNS resolution instead of assuming failure instantly.
- I focused on testing primary link with an IP far away in Europe. The secondary link does not really matter because it’s just not being used and the case when it is being used it is the only option. Hence extensive testing makes no sense on the secondary link.
Here’s output of this load-balancing setup:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
anurag@router01:~$ show load-balance watchdog Group Home-HA-Zone eth2.20 status: Running failover-only mode pings: 2857 fails: 0 run fails: 0/3 route drops: 0 ping gateway: 150.107.9.54 - REACHABLE eth2.10 status: Running pings: 2744 fails: 6 run fails: 0/6 route drops: 0 ping gateway: 62.140.24.49 - REACHABLE anurag@router01:~$ show load-balance status Group Home-HA-Zone interface : eth2.10 carrier : up status : active gateway : $Provider1 route table : 201 weight : 100% flows WAN Out : 11767 WAN In : 14446 Local Out : 2 interface : eth2.20 carrier : up status : failover route table : 2 weight : 0% flows WAN Out : 0 WAN In : 0 Local Out : 0 anurag@router01:~$ |
Sidenote: I am in Bangalore for Rootconf 2017. I would be presenting about Eyeball routing measurement using RIPE Atlas. If you are around in Bangalore, drop me a message and it would be great to meet!